BeEF for Vegetarians (Hooked Browser Meshed-Networks with WebRTC) presented at Kiwicon 2014

by Christian "xntrik" Frichot,

Summary : One of the biggest issues with BeEF is that each hooked browser has to talk to your BeEF server. What about all those vegetarian browsers that don’t want to touch your juicy BeEF? Don’t worry Internet-friends, those crazy pioneers at Google, Mozilla and Opera have solved this problem for you with the introduction of Web Real-Time Communications (WebRTC). Initially designed to allow browsers to stream multimedia to each other, the spec has made its way into most Chrome and Firefox browsers, not to mention it’s enabled by default.
Using this bleeding-edge web technology, we can now mesh all those hooked browsers in your organisation, funnelling all your BeEF comms through a single sacrificial sheep^H^H^H^Hcow. Leveraging WebRTC technologies (such as STUN/TURN and even the fact the RTC-enabled browsers on local subnets can simply UDP each other), meshing browsers together can really throw a spanner into an incident-responders work. The possibilities for a browser-attacker are fairly endless, channeling comms through a single browser, or, making all the browsers round-robin. This is just another tool tucked into your belt to try and initiate and maintain control over browsers.
This presentation will present a background into WebRTC, and then demonstrate (and release) the WebRTC BeEF extension.